Feature request - Ability to do HIP check on GlobalProtect Portal/Gateway

I'm trying to block unauthorize devices (non-domain machine and not having our approved anti-virus install) to establish a client VPN session into our network via GlobalProtect. The only way right now is to apply HIP check once a VPN connection via G

Expedition bugs?

I stumbled across two potential bugs in Expedition 1.0.107 the other day, using it to merge duplicates and unused objects from a Panorama (8.1.5) config.

1. Editing a config that originally contained over 10,000 objects (across different DGs) resul

Fortinet migration

Looking to move addresses, address groups, services and service groups from a FGT1000C to a Palo 3060 and then build the policy in Palo manually.  I've backed up the FGT config and created a new project in Expedition and was able to import it success

Issues When migrating from Checkpoint MDS enviroment

1- Rules from Application Blade are coming disabled (Not an issue, just needed to know why)

2- Interfaces are coming without an IP Address (Just network address)

3- OSPF routing are being loaded onto migration as fi they were static routes.

4- Some f

Upgrade Path from 3050(PAN OS: 8.0.12) to 3220(PAN OS: 8.1.0)

Hi,

I am upgrading from 3050 appliance to 3220, devices are in HA. is there any migration tool available in PA?

Please advice me the upgrade path.

Regards

Zahid

shared custom app-id migration to 8.1 PA-220R

Hey All,

had an issue today while migrating apps from 7050 config to pa220R (bloody slow device) with 8.1.5 on board.

on 7050 I have few vsyse's with shared applications and application-groups used (to share them in ruleset between vsyses). New PA-

RADIUS server profiles unavailable for adding users if not by admin

Scenario:

Two RADIUS servers added, tested fine.

They were both added by user "admin".

Added a new user with Admin role.

new user logs in fine, goes to add other users (because hes an admin), he can add a user, but not specify a RADIUS server for use

Can't upload a Fortinet config file

Hi, all.

I'm trying to use Expedition for the first time and it won't let me upload a config from a FortiGate. It's showing me the following error:

Thoughts?

EDIT: I was able to load this config file into the old MT 3.3.10 and it read it c

Add new IPv6 device key in Expedition 1.1.2 fails

Hello,

after making sure the IPv6 config part is completed correctly and the ping6 is functional I add a new IPv6 Panorama device to Expedition (currently running version 1.1.2).
As soon as I complete the API key details and click on Add I get follo

PAN Order Agent is stopped

I have tried Starting and Restarting from the GUI ,same result. I have exited the program restarted Expedition multiple times . It stopped two days ago and won't restart.

GlobalProtect configuration missing in Expedition tool

Greetings all. 

I have an issue with Expedition that I can't figure out. I imported the .XML from our PA-5220 and the config from our Cisco ASA and merged them. While verifying the resultant configuration in Expedition I noticed that there was nothin

Packet Flow Sequence and Application Override

Hello everyone,

I have a question regarding the "AppID override" ,

In this article "https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVLCA0" we can read the following:

"
Special Note about Content and Threat inspection
Applica

Commit fails from Panorama to Firewall for migrated configuration.

Hi, 

I am preparing to migrate configuration from cisco FWSM to Palo Alto 5250 which is managed by Panorama. The converted configuration gets exported to Panorama but while attempting to commit to the firewall, i get the following error. I have don